Manage 2-factor settings

┌────────────────────────────────────────────────────────────────────────────┐
│                      2-factor Authentication Settings                      │
└────────────────────────────────────────────────────────────────────────────┘

┌─┬──────────────────────────────────────────────────────────────────────────┐
│1│View or Change the Yubikey HMAC                                           │
│2│View or Change the Yubikey validation host URL                            │
│3│View or Change the Yubikey sync pool                                      │
│4│View or Change the Yubikey allowed sync hosts                             │
│5│Manage the YubiHSM settings                                               │
│6│Manage TOTP settings                                                      │
└─┴──────────────────────────────────────────────────────────────────────────┘

Move the cursor or enter a it's corresponding number (Q to Quit)

Main> Provisioning> 2-Factor>

View or Change the Yubikey HMAC

In cryptography, a keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. (Text from Wikipedia.)

The secret cryptographic key used for the Yubikey HMAC needs to be in base64 format. You can either specify it manually or, by typing a single dot (".") as the sole input, let the appliance generate a random string, which will then be base64 encoded.

Manage the Yubikey HMAC

Yubikey HMAC in base64 format? (. to generate or Q to Quit) <FIXME>: .
Yubikey HMAC in base64 format? (. to generate or Q to Quit) <RTN6NVc0bWRPbzdlRmFMSA==>:

Press any key to continue

View or Change the Yubikey validation host URL

Manage the Yubikey validation host URL

Yubikey validation URL? (. for no/blank URL or Q to Quit) <api.yubico.com/wsapi/2.0/verify>: 127.0.0.1/wsapi/2.0/verify.php
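
The following Python sketch is an added example, not StoredSafe code. It checks that a candidate key is well-formed base64 and shows how such a key signs and verifies a validation response, assuming the key serves as the API key of the Yubico validation protocol 2.0 behind the wsapi/2.0/verify endpoint (HMAC-SHA1 over the sorted key=value pairs). The function names, the 16-byte key length and the sample response fields are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import secrets


def generate_key(nbytes=16):
    """Return a fresh random secret, base64 encoded (length is an assumption)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def decode_key(key_b64):
    """Strictly decode a base64 key; raise ValueError on malformed input."""
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key is not valid base64") from exc
    if not raw:
        raise ValueError("key is empty")
    return raw


def sign(params, key_b64):
    """HMAC-SHA1 over the sorted key=value pairs, excluding the 'h' field."""
    line = "&".join(f"{k}={v}" for k, v in sorted(params.items()) if k != "h")
    mac = hmac.new(decode_key(key_b64), line.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(params, key_b64):
    """Compare the response's 'h' field with our own signature in constant time."""
    expected = sign(params, key_b64).encode("ascii")
    return hmac.compare_digest(expected, params.get("h", "").encode("utf-8"))


if __name__ == "__main__":
    key = "RTN6NVc0bWRPbzdlRmFMSA=="  # example key shown on this page
    # Constructed sample response fields (not captured from a real server).
    resp = {"otp": "cccccccccccc" + "b" * 32, "nonce": "a" * 16,
            "status": "OK", "t": "2024-01-01T00:00:00Z0000"}
    resp["h"] = sign(resp, key)
    print("untampered:", verify(resp, key))
    resp["status"] = "REPLAYED_OTP"   # any changed field invalidates 'h'
    print("tampered:  ", verify(resp, key))
```

A value such as the FIXME placeholder fails decode_key because it is not correctly padded base64, which is the kind of input worth rejecting before it is saved as the HMAC key.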

View or Change the Yubikey sync pool

Current seting is $baseParams['__YKVAL_SYNC_POOL__'] = array();

Syntax is:
Single host:     "https://host.domain.tld/wsapi/2.0/sync.php"
Multiple hosts:  "https://host1.domain.tld/wsapi/2.0/sync.php","https://host2.domain.tld/wsapi/2.0/sync.php"

Sync Hosts: (Press . to reset to no pool or Q to Quit) <>:

View or Change the Yubikey allowed sync hosts

Current seting is $baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array();

Syntax is (must be ip addresses):
Single host:     "10.1.2.3"
Multiple hosts:  "10.1.2.3","10.1.2.4","10.1.2.5"

Allowed Sync Hosts: (Press . to reset to no pool or Q to Quit) <>:

Manage the YubiHSM settings

┌────────────────────────────────────────────────────────────────────────────┐
│                      2-factor Authentication Settings                      │
└────────────────────────────────────────────────────────────────────────────┘

┌─┬──────────────────────────────────────────────────────────────────────────┐
│1│Add more Yubikeys to the YubiHSM                                          │
└─┴──────────────────────────────────────────────────────────────────────────┘

Move the cursor or enter a it's corresponding number (Q to Quit)

Main> Provisioning> 2-Factor> HSM>

Add more Yubikeys to the YubiHSM

Insert a USB disk and press enter when ready. Ready? (<Y>/n):

Available files in /mnt/usb:

yubikeys.txt
yubikeys.txt.sign

Enter filename of the file containing new keys (Q to Quit) <yubikeys.txt>:
Install the new Yubikeys from "yubikeys.txt" into the YubiHSM? (<Y>/n):

Manage TOTP Settings

TOTP Settings

You can change the TOTP issuer to better suite your needs. Currently StoredSafe
uses two issuers, one generic issuer and one for users with TOTP only for 2FA.

Issuer: StoredSafe
Issuer (2FA): StoredSafe 2FA

Set generic issuer to? (Q to Quit) <StoredSafe>: stored.safe.cc
Set 2FA issuer to? (Q to Quit) <StoredSafe 2FA>: stored.safe.cc 2FA

Save changes? (<Y>/n): n

Press any key to continue